SitePoint Sponsor

User Tag List

Page 2 of 2 FirstFirst 12
Results 26 to 35 of 35
  1. #26
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    define ('ROWS_PER_GROUP'4);

            
    $result mysql_query("SELECT * FROM videos WHERE GTitle = '$game' AND VTitle NOT LIKE '%</a>%' ORDER BY sort")
                      or die(
    mysql_error());

    $i 0;

    $groups = array();


    while(
    $row mysql_fetch_assoc($result)){


    $image5=$row['IFilename'];
       if (
    $image5==""){
    $image6="images/favicon.gif";
    }else{
    $image6=$row['IFilename'];
    }

      
    $groups[$i ROWS_PER_GROUP] = $row;

      
    $i++;

    }


    foreach(
    $groups as $rows){

        echo 
    "<tr>";

    foreach(
    $rows as $row){


             echo 
    "
             <td class='4' align='center' valign='center' height='150' width='150'>
             <a href='http://www.gameanyone.com?p=video&game=
    $game&video=".$row['VTitle']."'><img src='".$row['IFilename']."' border='0' height='100'><br>".$row['VTitle']."
             </a></td>
            "
    ;

    }

    echo 
    "</tr>";

    }


            echo 
    "</table>"
    What is the purpose of $image5 and $image6?

  2. #27
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The path of each thumbnail is stored in the database. $image5 and $image6 are checking to see if there is a path set, but if there isn't one then it will just display a "no thumbnail" image, which for now is just the favicon. I just forgot to put $image6 below. The echo in the foreach should use
    Code:
    <img src='$image6' border='0' height='100'>
    I set each row value to a string before the foreachs and now I am getting some real data echo'ed. But it is displaying 8 per line and its displaying 8 of the same result per line.

    See here:
    http://www.gameanyone.com/?p=game&ga...gnition&view=2

  3. #28
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jetnine View Post
    The path of each thumbnail is stored in the database. $image5 and $image6 are checking to see if there is a path set, but if there isn't one then it will just display a "no thumbnail" image, which for now is just the favicon. I just forgot to put $image6 below. The echo in the foreach should use
    Code:
    <img src='$image6' border='0' height='100'>
    Move this code to foreach's.

    Quote Originally Posted by jetnine View Post
    I set each row value to a string before the foreachs and now I am getting some real data echo'ed. But it is displaying 8 per line and its displaying 8 of the same result per line.
    Could you post the whole file?

    Have you tried the code I posted in my last message?

  4. #29
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried yours and it was just doing what it was before; 8 per line and not loading the data. Here is what I have now and the result can be seen here:
    http://www.gameanyone.com/?p=game&ga...gnition&view=2
    PHP Code:
    define ('ROWS_PER_GROUP'4);

            
    $result mysql_query("SELECT * FROM videos WHERE GTitle = '$game' AND VTitle NOT LIKE '%</a>%' ORDER BY sort")
                      or die(
    mysql_error());

    $i 0;

    $groups = array();


    while(
    $row mysql_fetch_assoc($result)){


      
    $groups[$i ROWS_PER_GROUP] = $row;

      
    $i++;


    $image5=$row['IFilename'];
       if (
    $image5==""){
    $image6="images/favicon.gif";
    }else{
    $image6=$row['IFilename'];
    }

    $vtitle=$row['VTitle'];


    foreach(
    $groups as $rows){

        echo 
    "<tr>";

    foreach(
    $rows as $row){


             echo 
    "
             <td class='4' align='center' valign='center' height='150' width='150'>
             <a href='http://www.gameanyone.com?p=video&game=
    $game&video=$vtitle'><img src='$image6' border='0' height='100'><br>$vtitle
             </a></td>
            "
    ;

    }

    echo 
    "</tr>";

    }


    }

            echo 
    "</table>"
    Here is the whole code of the file:
    PHP Code:
    <?php

      $game
    =$_GET['game'];

    echo 
    "<table border='0' cellspacing='0' cellpadding='1' width='600' align='center'>
            <tr><td align='left'>"
    ;

      
    $result7 mysql_query("SELECT * FROM games WHERE game = '$game'")

            or die(
    mysql_error());

            

            while(
    $row7 mysql_fetch_array$result7 )) {

            

            echo 
    "<img src='images/".$row7['boximage']."' height='150'>";

            }

            



    echo 
    "</td><td align='left'>


               <table border='0' cellspacing='0' cellpadding='1' align='center'>

              <tr>

                  <th><h1>
    $game</h1></th>

              </tr></table>

    <div align='center'>| "
    ;

      
    $result mysql_query("SELECT * FROM pages WHERE game = '$game'")

            or die(
    mysql_error());

            

            while(
    $row mysql_fetch_array$result )) {

            

            echo 
    " <a href='http://www.gameanyone.com".$row['address']."'>".$row['pagename']."</a> |";

            }

            

     echo 
    "</div><br>
    <div align='center'>| "
    ;

      
    $result mysql_query("SELECT * FROM content WHERE game = '$game'")

            or die(
    mysql_error());

            

            while(
    $row mysql_fetch_array$result )) {

            

            echo 
    " <a href='http://www.gameanyone.com?p=q&id=".$row['id']."'>".$row['title']."</a> |";

            }

            

     echo 
    "</div>

    </tr></table><br><br>"
    ;

      
    $view=$_GET['view'];
      
      if(
    $view=='' || $view==1){


    echo 
    "<table border='0' cellspacing='0' cellpadding='0' width='635'>

      <tr>

      <td align='center' valign='top'>"
    ;

              
    $game=$_GET['game'];

           
    $query1 mysql_query("SELECT * FROM downloads WHERE game = '$game'");

    $number1=mysql_num_rows($query1);

     if ( 
    $number1 == ) {

     
    $width 600;

     }else{

     
    $width 350;

     }

            echo 
    "<table border='0' cellspacing='0' cellpadding='1' width='$width'>

              <tr>

                  <th colspan='2'>Videos</th>

              </tr>"
    ;

            



            
    $result mysql_query("SELECT * FROM videos WHERE GTitle = '$game' ORDER BY sort ASC")

            or die(
    mysql_error());

            

            while(
    $row mysql_fetch_array$result )) {

            
    $image5=$row['IFilename'];

    if (
    $image5==""){
    $image6="images/favicon.gif";
    }else{
    $image6=$row['IFilename'];
    }

    $num_rows mysql_num_rows($result);

    if (
    $image6=="images/favicon.gif" && $num_rows<=15){
    $height="<td></td>";
    }
    elseif (
    $num_rows==1){
    $height="<td align='left' width='210'><div style='width:210; align:left;'><img src='$image6' border='0' height='150'></div></td>";
    }
    elseif (
    $num_rows<=5){
    $height="<td align='center' width='120'><div style='width:120; align:left;'><img src='$image6' border='0' height='85'></div></td>";
    }
    elseif (
    $num_rows<=10 && $num_rows>&& $image6!=="images/favicon.gif"){
    $height="<td align='center' width='90'><div style='width:90; align:left;'><img src='$image6' border='0' height='65'></div></td>";
    }
    elseif (
    $num_rows<=15 && $num_rows>10 && $image6!=="images/favicon.gif"){
    $height="<td align='center' width='65'><div style='width:65; align:left;'><img src='$image6' border='0' height='45'></div></td>";
    }


    else{
    $height="<td></td>";
    }

    // $cats1=$row['back'];
    // if ($cats1==1){
    // $cats="#3B3B3B";
    // }else{
    // $cats="";
    // }

    echo "<tr>
          
    $height
    <td class='4' align='left' bgcolor='
    $cats'><a href='http://www.gameanyone.com?p=video&game=$game&video=".$row['VTitle']."'>".$row['VTitle']."</a></td>

              </tr>

            "
    ;

            }

            

            echo 
    "</table>

      </td>"
    ;

      

            
    $game=$_GET['game'];

           
    $query mysql_query("SELECT * FROM downloads WHERE game = '$game'");

    $number=mysql_num_rows($query);

     if ( 
    $number !== ) {



      echo 
    "<td align='center' valign='top'>

            <table border='0' cellspacing='0' cellpadding='1' width='250'>

              <tr>

                  <th>Downloads</th>

              </tr>"
    ;

            

            
    $game=$_GET['game'];

            
    $result mysql_query("SELECT * FROM downloads WHERE game = '$game' ORDER BY sort ASC")

            or die(
    mysql_error());

            

            while(
    $row mysql_fetch_array$result )) {

            

            echo 
    "

              <tr>

                  <td class='4'><a href='http://www.gameanyone.com?p=download&game=
    $game&download=".$row['name']."'>".$row['type']." - ".$row['type2']." - ".$row['name']."</a></td>

              </tr>

            "
    ;



            }

            echo 
    "</table>

      </td>"
    ;

      }

      echo 
    "</tr>

    </table><br><br>"
    ;

    }elseif(
    $view==2){

                 echo 
    "<table border='0' cellspacing='0' cellpadding='1' width='$width'>
                        <tr>
                             <th colspan='2'>Videos</th>
                        </tr>"
    ;
    define ('ROWS_PER_GROUP'4);

            
    $result mysql_query("SELECT * FROM videos WHERE GTitle = '$game' AND VTitle NOT LIKE '%</a>%' ORDER BY sort")
                      or die(
    mysql_error());

    $i 0;

    $groups = array();


    while(
    $row mysql_fetch_assoc($result)){


      
    $groups[$i ROWS_PER_GROUP] = $row;

      
    $i++;


    $image5=$row['IFilename'];
       if (
    $image5==""){
    $image6="images/favicon.gif";
    }else{
    $image6=$row['IFilename'];
    }

    $vtitle=$row['VTitle'];


    foreach(
    $groups as $rows){

        echo 
    "<tr>";

    foreach(
    $rows as $row){


             echo 
    "
             <td class='4' align='center' valign='center' height='150' width='150'>
             <a href='http://www.gameanyone.com?p=video&game=
    $game&video=$vtitle'><img src='$image6' border='0' height='100'><br>$vtitle
             </a></td>
            "
    ;

    }

    echo 
    "</tr>";

    }


    }

            echo 
    "</table>";

    }


    ?>

  5. #30
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this:

    PHP Code:
    define ('ROWS_PER_GROUP'4); 

            
    $result mysql_query("SELECT * FROM videos WHERE GTitle = '$game' AND VTitle NOT LIKE '%</a>%' ORDER BY sort"
                      or die(
    mysql_error()); 

    $i 0

    $groups = array(); 


    while(
    $row mysql_fetch_assoc($result)){ 


      
    $groups[$i ROWS_PER_GROUP][] = $row

      
    $i++; 




    foreach(
    $groups as $rows){ 

        echo 
    "<tr>"

    foreach(
    $rows as $row){ 


    $image5=$row['IFilename']; 
       if (
    $image5==""){ 
    $image6="images/favicon.gif"
    }else{ 
    $image6=$row['IFilename']; 


             echo 

             <td class='4' align='center' valign='center' height='150' width='150'> 
             <a href='http://www.gameanyone.com?p=video&game=
    $game&video=".$row['VTitle']."'><img src='".$row['IFilename']."' border='0' height='100'><br>".$row['VTitle'].
             </a></td> 
            "




    echo 
    "</tr>"




            echo 
    "</table>"
    Also, you script is a subject to SQL Injection.

  6. #31
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Awesome, that works. I've heard of SQL Injection before, but I don't know what to do to prevent it. Is it because of the strings are within the URL?

  7. #32
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by jetnine View Post
    Awesome, that works. I've heard of SQL Injection before, but I don't know what to do to prevent it. Is it because of the strings are within the URL?
    It is because you don't escape them when using in SQL query.

    Check out mysql_real_escape_string()

  8. #33
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I allow comments on videos, and I've always known that someone could put some code in such as a redirect so I want to first secure this. When I echo the comment I changed it to
    PHP Code:
    stripslashes($row['Comment']) 
    , as mysql_real_escape_string was adding some unwanted characters. I don't notice a difference with using stripslashes and not using them.

    Would be using the following be correct for the page you were helping me with?
    PHP Code:
    $game2=$_GET['game'];
    $game=mysql_real_escape_string($game2); 

  9. #34
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You must have magic_quotes_gpc enabled. turn it off. The escape string function isn't what is adding those characters. That's not what it does.

  10. #35
    SitePoint Addict
    Join Date
    Apr 2005
    Posts
    236
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have magic_quotes_gpc off, and it was still adding stuff like "\n" which I believe to be a line break.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •